
Network access via vpn not working even though routes being added.

MachielRichards
Level 1

Good morning all.

I am hoping this message finds all well.

I am looking for some assistance in troubleshooting an issue that I have been struggling with.

We are running a Cisco ASA 5515-X and we use Cisco AnyConnect VPN for staff to connect to servers inside the office when they are remote.

We recently moved offices and installed new Internet lines, and this was all configured accordingly on the ASA.

The new subnets were also added to the VPN ACL.

The problem we are facing, however, is that the VPN client establishes a connection, and the relevant routes are in fact added to the client machine's routing table. However, we are unable to access any of the servers on the network.

When testing from the ASA itself, it can reach the servers, but this does not work via VPN.

Any suggestions would be well appreciated.

Regards

Accepted Solutions

Roy Harrington
Cisco Employee

Add a NAT exemption for the interesting traffic. Whatever you have for your source and destination ACL, use that for the source and destination NAT. Should look something like this:

nat (LAN,WAN) source static LOCAL LOCAL destination static REMOTE REMOTE

Here is a link to a community post about how to do NAT via CLI or ASDM. If you are using FTD, let me know and I can assist you.

https://community.cisco.com/t5/firewalls/asa-9-0-how-to-display-nat-exemption-within-the-asdm/td-p/2318661

 

3 Replies

If you can capture decrypted traffic on the ASA, then you can see if packets are arriving or not.


 

GREAT, thank you Roy, that did the trick.
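
The NAT exemption from the accepted solution and the capture check suggested in the replies, written out as an added example that is not part of the original thread. The interface and object names (LAN, WAN, LOCAL, REMOTE) follow the answer's template; the subnets, host addresses, ports and the capture name VPNCAP are constructed placeholders.

```cisco
! Constructed addresses: 10.20.0.0/24 stands for the new office server
! subnet, 10.99.0.0/24 for the AnyConnect client address pool.
! Substitute your own values.
!
! --- configuration mode ---
object network LOCAL
 subnet 10.20.0.0 255.255.255.0
object network REMOTE
 subnet 10.99.0.0 255.255.255.0
!
! Identity (exemption) NAT for server <-> VPN client traffic only.
! The "1" places the rule at the top of the manual NAT section, so it
! is evaluated before any dynamic PAT rule used for Internet access.
! Scope it to the specific subnets rather than "any".
nat (LAN,WAN) 1 source static LOCAL LOCAL destination static REMOTE REMOTE no-proxy-arp route-lookup
!
! --- privileged EXEC mode: verification ---
! Confirm the rule order and watch its hit counters increase while a
! VPN client tries to reach a server.
show running-config nat
show nat detail
!
! Simulate a server reply to a VPN client (10.20.0.10, 10.99.0.25 and
! the ports are constructed). The NAT phase of the output should name
! the exemption rule, not the PAT rule.
packet-tracer input LAN tcp 10.20.0.10 3389 10.99.0.25 50000 detailed
!
! Capture decrypted traffic on the LAN side, in both directions.
! Client packets with no server replies points at the return path;
! no packets at all points at something before the LAN interface.
capture VPNCAP interface LAN match ip 10.99.0.0 255.255.255.0 10.20.0.0 255.255.255.0
show capture VPNCAP
! Remove the capture when finished.
no capture VPNCAP
```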